Manuals / TP-Link / Computer Equipment / Switch

TP-Link TL-SL5428E manual 11.5, Detect Time, Attack Type

Models: TL-SL5428E

1 259

Download 259 pages 46.72 Kb

Page 184

Choose the menu Network Security→DoS Defend→DoS Detect to load the following page.

Figure 11-18 DoS Detect

The following entries are displayed on this screen:

¾Detect Config

Detect Time:	Specify the detect time for each DoS attack type except the
	flooding attack type.
Detect:	Click the Detect button to start the detection. The switch will
	detect each type of the DoS attack in turn.
¾ Detect Result
Port:	Display the port number.
Attack Type:	Displays the Attack Type name.
Attack Count:	Displays the count of the attack.

Tips:

You are suggested to take the following further steps to ensure the network security.

1.It’s recommended to inspect and repair the system vulnerability regularly. It is also necessary to install the system bulletins and backup the important information in time.

2.The network administrator is suggested to inspect the physic environment of the network and block the unnecessary network services.

3.Enhance the network security via the protection devices, such as the hardware firewall.

11.5 802.1X

The 802.1X protocol was developed by IEEE802 LAN/WAN committee to deal with the security issues of wireless LANs. It was then used in Ethernet as a common access control mechanism for LAN ports to solve mainly authentication and security problems.

802.1X is a port-based network access control protocol. It authenticates and controls devices requesting for access in terms of the ports of LAN access control devices. With the 802.1X protocol enabled, a supplicant can access the LAN only when it passes the authentication, whereas those failing to pass the authentication are denied when accessing the LAN.

¾Architecture of 802.1X Authentication

802.1X adopts a client/server architecture with three entities: a supplicant system, an authenticator system, and an authentication server system, as shown in the following figure.

176

Image 184

TP-Link TL-SL5428E manual 11.5, Detect Time, Attack Type

Contents

Rev 1910010529 Copyright & Trademarks Contents Gvrp TC Protect 101 11.4.1 11.4.2 NtdpVII Package Contents About this Guide Intended ReadersConventions Overview of This GuidePath Switch, which facilitates you to monitor the Igmp messages Return to Contents Main Features Overview of the SwitchIntroduction Front Panel Appearance Description¾ LEDs Name Status Indication Rear Panel Login Login to the SwitchConfiguration Return to Contents System System InfoSystem Summary ¾ Port Status¾ Port Info PortType Rate¾ Bandwidth Utilization Device Description¾ Device Description System Time ¾ Time Config¾ Time Info System IP User Manage User TableUser Config ¾ User InfoConfig Restore PasswordConfirm Password Retype the password User ID, Name, Access Level and status OperationFirmware Upgrade Config Backup¾ Config Backup System Reboot System ResetAccess Security Access Control¾ Access Control Config ¾ Session ConfigIP Address&Mask MAC AddressSSL Config ¾ Access User NumberSSH Config ¾ Global Config¾ Certificate Download ¾ Key DownloadProtocol Idle TimeoutMax Connect ¾ Configuration Procedure Key TypeDownload ¾ Network RequirementsApplication Example 2 for SSH Page Return to Contents Switching Port ConfigPort Port SelectPort Mirror DescriptionSpeed and Duplex Flow Control¾ Mirroring Port ¾ Mirrored PortIngress EgressPort Security ¾ Port SecurityMax Learned MAC Port IsolationLearned Num ¾ Port Isolation Config Forward Portlist Select the port that to be forwarded to¾ Port Isolation List Forward Portlist Display the forwardlistLAG LAG TableAggregate Arithmetic ¾ LAG TableGroup Number Member¾ LAG Config Static LAGLacp Config LAG will delete this LAG¾ Lacp Config Admin KeySystem Priority Port PriorityTraffic Summary Traffic Monitor¾ Auto Refresh Traffic Statistics MAC Address Type Configuration Way Aging out RelationshipBound Address and the port¾ Search Option ¾ Address TableMAC Address Displays the MAC address learned by the switch Static AddressDisplays the corresponding Vlan ID of the MAC address ¾ Create Static AddressDynamic Address ¾ Static Address Table¾ Aging Config ¾ Dynamic Address TableFiltering Address Bind¾ Create Filtering Address ¾ Filtering Address TableVlan Vlan implementation802.1Q Vlan ¾ Link Types of portsVlan Config ¾ Pvid¾ Vlan Table Vlan ID SelectDescription ： Members Operation ：¾ Vlan Config Enter the ID number of VlanIs valid or not ¾ Vlan Members¾ Vlan Port Config Port Displays the port numberRequired. On the VLAN→802.1Q VLAN→Port Config page, set Required. On the VLAN→802.1Q VLAN→VLAN Config¾ Vlan of Port Vlan DescriptionOptional. On the VLAN→802.1Q VLAN→VLAN Config MAC Vlan¾ MAC Vlan Table Port EnableMAC Select Required. On the VLAN→MAC VLAN→Port Enable Protocol VlanProtocol Vlan Protocol Template¾ Create Protocol Vlan ¾ Protocol Vlan Table¾ Create Protocol Template ¾ Protocol Template TableApplication Example for 802.1Q Vlan Required. On VLAN→802.1Q VLAN→Port Config page, configure Required. On VLAN→802.1Q VLAN→VLAN Config page, create aApplication Example for MAC Vlan Operation Description¾ Network Diagram ¾ Configuration Procedure Application Example for Protocol Vlan Required. On VLAN→Protocol VLAN→Protocol Template On VLAN→Protocol VLAN→Protocol Vlan page, create protocol Protocol type ValueVlan Mapping VPN Config¾ VPN Up-link Ports ¾ Vlan Mapping Config ¾ Vlan Mapping TableRequired. On the VLAN→VLAN VPN→VPN Config Optional. On the VLAN→VLAN VPN→VPN ConfigRequired. On the VLAN→VLAN VPN→Port Enable Required. On the VLAN→VLAN VPN→VLAN MappingGvrp ¾ Garp¾ Gvrp ¾ Port Config Select Port Status Registration ModeConfiguration Procedure Private Vlan¾ The Elements of a Private Vlan ¾ Features of Private Vlan¾ Private Vlan Implementation Pvid ¾ Packet forwarding in Private Vlan Pvlan ¾ Create Private Vlan ¾ Private Vlan TablePrimary Vlan Secondary VlanPort Select the desired port for configuration Port Type Required. On the VLAN→Private VLAN→Port Configure¾ Private Vlan Port Table Required. On the VLAN→Private VLAN→PVLANApplication Example for Private Vlan Required. On the VLAN→802.1Q VLAN→VLAN Config page, click Spanning Tree ¾ STP Elements¾ STP Timers ¾ Bpdu Comparing Principle in STP mode¾ STP Generation Step Operation¾ Rstp Elements Tips：¾ Mstp Elements ¾ Port States ¾ Port RolesSTP Config STP ConfigForward Delay VersionHello Time Max AgeSTP Summary Port Config STP SummaryPriority ExtPathIntPath Edge PortRegion Config Mstp InstancePort Role Port StatusInstance Config ¾ Region ConfigInstance Port Config ¾ Instance TableInstance ClearInstance ID Path CostSTP Security Port Protect¾ Bpdu Protect ¾ TC Protect¾ Bpdu Filter Loop Protect Root ProtectTC Protect Bpdu ProtectTC Protect 11 TC ProtectOn Spanning Tree→STP Config→STP Config On Spanning Tree→STP Config→Port ConfigApplication Example for STP Function On Spanning Tree→MSTP Instance→InstanceBridge of Instance Configure Switch D ¾ Suggestion for Configuration ¾ Multicast Overview Multicast¾ Multicast Address ¾ Multicast Address Table Multicast IP PortIgmp Snooping ¾ Igmp Snooping¾ Igmp Snooping Process ¾ Igmp MessagesSnooping Config ¾ Igmp Snooping Fundamentals¾ Igmp Snooping Status Description Displays Igmp Snooping status MemberIgmp Snooping Fast LeaveRouter Port Time Member Port TimeLeave Time Static Router PortSnooping→Snooping Config and Port Config Multicast→IGMP Snooping→VLAN ConfigMulticast Vlan Router Port¾ Multicast Vlan On the Multicast→IGMP Snooping→Snooping Config Application Example for Multicast VlanVlan Multicast→IGMP Snooping→Multicast Vlan¾ Configuration Procedure Step Operation Description Snooping→Port ConfigSnooping→Snooping Config Multicast IPMulticast IP Table Static Multicast IP¾ Create Static Multicast ¾ Static Multicast IP TableMulticast Filter IP-Range¾ Port Filter Config Port FilterMulticast→Multicast Filter→IP-Range Packet StatisticsMulticast→Multicast Filter→Port Filter ¾ Igmp Statistics QoS ¾ Priority Mode¾ QoS ¾ Schedule Mode 802.1Q frameSP-Mode ¾ Port Priority Config DiffServPort Priority Displays the LAG number which the port belongs toSchedule Mode ¾ Schedule Mode Config3 802.1P Priority ¾ 802.1P Priority Config¾ Priority Level Dscp Priority ¾ Dscp Priority Config It ranges from 0 toPriority Level Priority levels are labeled as TC0, TC1, TC2 and TC3Bandwidth Control ¾ Rate Limit ConfigRate Limit Ingress Rate bps Storm ControlEgress Ratebps ¾ Storm Control Config Broadcast RateBps Multicast RateVoice Vlan ¾ Port Voice Vlan ModeNumber OUI Address Vendor ¾ Security Mode of Voice Vlan Packet Type Processing ModeGlobal Config 12 Global ConfigurationPort Mode 13 Port ConfigOUI Config Required. On VLAN→802.1Q VLAN→Port Config Optional. On QoS→Voice VLAN→OUI Config page, youRequired. On QoS→Voice VLAN→Port Config Required. On QoS→Voice VLAN→Global ConfigACL Time-RangeTime-Range Summary IndexTime-Range Create ACL Config Holiday Config¾ Create Holiday ¾ Holiday TableACL Summary ACL Create¾ Rule Table ¾ Create ACLMAC ACL ¾ Create MAC ACLRule ID EtherTypeStandard-IP ACL ¾ Create Standard-IP ACLFragment MaskExtend-IP ACL ¾ Create Extend-IP ACLPolicy Config Policy SummaryPolicy Create Action CreateSelect Policy Desired policy, please click the Delete button11 Action Create ¾ Create ActionPolicy Binding Binding TablePort Binding ¾ Policy Bind TableDirection Displays the binding direction Vlan BindingEnter the ID of the Vlan you want to bind Application Example for ACL ¾ VLAN-Bind TableOn ACL→ACL Config→ACL Create page, create ACL On ACL→ACL Config→Standard-IP ACL page, select ACL Network Security IP-MAC BindingManual Binding ¾ Manual Binding Option Enter the Vlan IDProtect Type Select the Protect Type for the entry ¾ Manual Binding TableARP Scanning Dhcp Snooping Start IP AddressEnd IP Address ScanNetwork diagram for DHCP-snooping implementation ¾ Dhcp Working Principle¾ Option Dhcp Cheating Attack Implementation Procedure ¾ Dhcp Cheating Attack163 ¾ Option 82 Config ¾ Port Config Port SelectDecline Threshold Decline Flow Control Customization Circuit ID Remote ID¾ Imitating Gateway ARP Inspection¾ Cheating Gateway 10 ARP Attack Cheating Gateway ¾ Cheating Terminal Hosts¾ Man-In-The-Middle Attack ¾ ARP Flooding Attack ¾ ARP Detect ARP Detect¾ Trusted Port Required. On the Network Security→IP-MAC ARP DefendNetwork Security→ARP ARP Statistics ¾ ARP DefendDefend SpeedIP Source Guard ¾ Illegal ARP Packet¾ IP Source Guard Config DoS DefendDoS Attack Type Description DoS Defend DoS Detect11.5 Detect TimeDetect Attack Type¾ The Mechanism of an 802.1X Authentication System ¾ 802.1X Authentication Procedure178 179 ¾ 802.1X Timer ¾ Guest VlanAuthentication Method 802.1XGuest Vlan Guest Vlan IDServer Timeout Supplicant TimeoutRetry Times Control Mode Radius ServerControl Type AuthorizedOn the Network Security→802.1X→Global Config 802.1X Client SoftwareRequired. On the Network Security→802.1X→Radius Required. On the Network Security→802.1X→PortSnmp ¾ Snmp Overview¾ Snmp Management Frame ¾ Snmp Versions¾ Snmp Configuration Outline ¾ MIB Introduction¾ Local Engine Snmp Config¾ Remote Engine Snmp View MIB Object IDView Type View Name¾ Group Config Snmp GroupSnmp User ¾ Group TableAuth Mode Auth PasswordPrivacy Mode Privacy PasswordAccess ¾ Community ConfigSnmp Community Required. On the SNMP→SNMP Config→Global Required. On the SNMP→SNMP Config→SNMPMIB View ¾ Community TableOn the SNMP→SNMP Config→SNMP NotificationTimeout UDP PortUser Retry¾ Rmon Group RmonRmon Group Function History Control Event Config¾ History Control Table Alarm Config ¾ Event TableVariable Sample TypeRising Threshold Rising Event200 Cluster ¾ Cluster RoleNeighbor Info 13.1 NDP¾ Introduction to Cluster ¾ Neighbor NDP Summary¾ Neighbor Info ¾ Port Status Displays the port number of the switch NDPDetail ： NDP ConfigAging Time Port Displays the port number of the switch NtdpDevice Table Displays NDP status of the current portNtdp Summary Ntdp Summary Ntdp Interval Time Ntdp ConfigNtdp Hops Cluster EnableCluster Summary ¾ Global Config Cluster ¾ Cluster Config¾ Global Cluster ¾ Member InfoSwitch 11 Cluster Summary for Member Switch¾ Current Role Cluster Config¾ Role Change 14 Cluster Configuration for Commander Switch Member Config 16 Cluster Configuration for Individual SwitchCluster Topology ¾ Create MemberDevice Name Member MAC18 Collect Topology ¾ Graphic ShowApplication Example for Cluster Function On Cluster→NDP→NDP Config page, enable NDP On Cluster→NTDP→NTDP Config page, enable220 System Monitor MaintenanceCPU Monitor Memory Monitor 14.2 Log Content Log TableTime Module¾ Local Log Config Local LogRemote Log Log Buffer¾ Log Host Backup LogHost IP ¾ Backup Log Device DiagnoseCable Test ¾ Cable TestError Switch is availableLoopback Length¾ Ping Config Network DiagnosePing Test¾ Tracert Config TracertHardware Installation System Maintenance via FTPConfigure the Hyper Terminal 232 Download Firmware via bootrom menu 5Port SettingsTP-LINK ifconfig ip 172.31.70.22 mask 255.255.255.0 gateway TP-LINK upgrade You can only use the port 1 to upgradeTP-LINK start Start User Access Login Appendix a Specifications Appendix B Configuring the PCs Configure TCP/IP component238 Now Installation Guide Appendix C 802.1X Client Software241 242 Uninstall Software Figure C-7 InstallShield Wizard CompleteConfiguration Figure C-10 Uninstall Complete245 Figure C-15 Connection Status FAQ Appendix D Glossary Multicast Switching Group Attribute Registration Protocol GarpIeee 802.1D Ieee 802.1QPort Authentication Remote Authentication Dial-in User Service RadiusLink Aggregation Link Aggregation Control Protocol LacpSimple Network Management Protocol Snmp Simple Network Time Protocol SntpSpanning Tree Algorithm STA Telnet